Hi,
> if (acl in pg_database == NULL)
> acl = acldefault
> else
> acl = acl in pg_database
> if (has_permission(acl, user, ACL_CONNECT))
> can connect
> else
> can't connect
>
>
> To revoke a privilege you do this:
>
> if (acl in pg_datbase == NULL)
> acl = acldefault
> else
> acl = acl in pg_database
> newacl = revoke_privilege_from(acl)
> store newacl in pg_database
Perfect, I see it now :) My error was to actually add the "acldefault"
when the acl was null.
>
> > Personally I think it would be better for the database owner not have
> > the option to REVOKE himself from the CONNECTION privilege of his own
> > database.
>
> Why? A table owner can revoke privileges from himself.
Of course a TABLE owner can revoke privileges from himself. But why
would a DATABASE owner want to lock himself out from CONNECTING to his
database. Perhaps there is a legitimate reason for this but it doesn't
make sense. Right? I see it this way: Why should I lockout myself from
my own house and throw the keys away. (I am a man of simple words and
examples, I must apologize.)
> I understand your point, but we give a lot of privileges by default (I
> think we give CREATE on the PUBLIC schema, for example). You can
> propose to change that behavior, but I feel that's a different
> discussion than what you are working on ATM.
>
Agreed.